Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.CISCO-SA-NXOS-NGOAM-DOS-LTDB9HV.NASL
HistoryAug 27, 2021 - 12:00 a.m.

Cisco NX-OS Software VXLAN OAM DoS (cisco-sa-nxos-ngoam-dos-LTDb9Hv)

2021-08-2700:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
23
cisco
nx-os
vxlan
oam
dos
vulnerability
ngoam
trill
evpn
cpu usage
crafted packets
security advisory
cisco bids

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

8.5

Confidence

High

EPSS

0.002

Percentile

52.7%

JSON

A denial of service (DoS) vulnerability exists in the VXLAN Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software, known as NGOAM, due to an improper handling of specific packets with a Transparent Interconnection of Lots of Links (TRILL) OAM EtherType. An unauthenticated, remote attacker can exploit this issue by sending crafted packets, including the TRILL OAM EtherType of 0x8902, to a device that is part of a VXLAN Ethernet VPN (EVPN) fabric causing the affected device to experience high CPU usage and consume excessive system resources.

Note: Please see the included Cisco BIDs and Cisco Security Advisory for more information.

#TRUSTED 35e0617b8eba16fc006ec8923093d7884fd9f521815d2a3e1691067dc8c1044cb477aaa9d8517dd480fb9f3a5a5aa6805639910c742aeb51c1e6b1ba42e02f6ae1cbaff2ce042598eb44e5fe295f685407110875da32b20333c2d7382468ff3ac7b2b53f3bfdfe3c3a2dba2b93b8349305d2b08d7cf8ca3587718c2f54531d3943901cb1b0ab2778dcbc58a8131f055b27730d0a7af43e66b4dc249bbad9457ee8f4142156e8fbf3a8c0a897bd357a9b5d14b3f0580eba356954b4bdb80e5e2f873c3e897a19af4820750b2305bcc26613ca3730a35a78fa03c7af995155c1297479fa4b5424c7fa336ada795051f1bc6f62151b22cba836ef29ef7f102b92387def9b535161ba3d0036e230563b2fd9be4c333bb3216711302fde67d6145cba64af2f41bc5a02c0550dc91a5e117fb394a0aa17efda766dfc84bd67cf654517742909040ccf73131f762a89d14dc7c91981ff82e09aaa9cea752d3cf5e6f07981229e5a74f4f5ff01465f027d2c740a67895a4a9bbe873ab6eade7ac635550b000df7a14e6dc99746eb746a6c3fc6325b5278cb75d76e52ed7ca939e467df23ea9a3c28a8f5573b691277e877c0c4e22bc2af9afba35dc9ae134c2dd7a619e4c1bf09096368c87384a8cd3cce1780bb84db76b335798777754b6b2d7a961f7fb6e12ca8f24b0d8ea9bac96a79dfdf87a868fe3852f822eb3de85ecf1b01281a
#TRUST-RSA-SHA256 055cd95a8c42a68e766737deb2ada6d277dba0b0d5815ce2aebcb46a3166ff0eff0e7155f0be66fe3ca944e30d23af0cee5a328c193a3504b399a701aa227769b37d535c5b4cbab9966c405d290493ee646e429a521f15a6ff92706e410ece10adde8f3f432c7c1c9bc9ed962784a8439cf54096410964c4dede51777baf24c0c85f6c9aa618556ce58812be15eecdf6b694b58c83293807ea298374550ccd7d89746289bcb702e65f2b39faded3c713ed874ed71110b6aa645c5ffc3f31d953fbe4e83ea44c63f807f25168a32511b1ddd1a1ad50f69d530e20aad305a77fc54c35ac92b5669acef6c7ec073447627ec1efb988d01376e90410d1b6dd1ed3d330f8e1865ba04a6e6a03636dff613c19bea5d64c535bbfc464fe62d29279f49fc5cf8b195c15fa7f912614adc7e40a2410b9f9510f3d7c6c5d6df569abc366f830ee2d1fa775f187592b5eb207d913d94ee960d2a55414f91379c0c0ab66806b9aa3cff749e10eeaae3e3329ece5a6706921c274ef9d2f1587e59b882aba46381a6f3fc8c3439c526058845f06c8b3235fbd7ac0cbeac7f0e857a2acb97054d752803e22f3758444a56411017c6c13cca380fd40cf474c39e5c7fe8a3e7d6e9bf6d568cb7f109ceade5dc383fed2370fce8d94376ad0ad156558d3369bc62a9c800853e3276daf543ab9796a86d1276133c64df456449211d603ffa4b05df4a3
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(152877);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/07/22");

  script_cve_id("CVE-2021-1587");
  script_xref(name:"IAVA", value:"2021-A-0398");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvx66917");
  script_xref(name:"CISCO-SA", value:"cisco-sa-nxos-ngoam-dos-LTDb9Hv");

  script_name(english:"Cisco NX-OS Software VXLAN OAM DoS (cisco-sa-nxos-ngoam-dos-LTDb9Hv)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
  script_set_attribute(attribute:"description", value:
"A denial of service (DoS) vulnerability exists in the VXLAN Operation, Administration, and Maintenance (OAM) feature 
of Cisco NX-OS Software, known as NGOAM,  due to an improper handling of specific packets with a Transparent 
Interconnection of Lots of Links (TRILL) OAM EtherType. An unauthenticated, remote attacker can exploit this issue by 
sending crafted packets, including the TRILL OAM EtherType of 0x8902, to a device that is part of a VXLAN Ethernet VPN 
(EVPN) fabric causing the affected device to experience high CPU usage and consume excessive system resources.

Note: Please see the included Cisco BIDs and Cisco Security Advisory for more information.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ngoam-dos-LTDb9Hv
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7380f039");
  script_set_attribute(attribute:"see_also", value:"http://tools.cisco.com/security/center/viewErp.x?alertId=ERP-74640");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx66917");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvx66917");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-1587");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(115);

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/08/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/08/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/08/27");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:nx-os");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_nxos_version.nasl");
  script_require_keys("Host/Cisco/NX-OS/Version", "Host/Cisco/NX-OS/Model", "Host/Cisco/NX-OS/Device");

  exit(0);
}

include('cisco_workarounds.inc');
include('ccf.inc');

var product_info = cisco::get_product_info(name:'Cisco NX-OS Software');

if ('Nexus' >!< product_info.device || product_info.model !~ "^[39][0-9]{3}")
  audit(AUDIT_HOST_NOT, 'affected');

var version_list = make_list(
  '9.2(1)',
  '9.2(2)',
  '9.2(2t)',
  '9.2(3)',
  '9.2(3y)',
  '9.2(4)',
  '9.2(2v)',
  '9.3(1)',
  '9.3(2)',
  '9.3(3)',
  '9.3(1z)',
  '9.3(4)',
  '9.3(5)',
  '9.3(6)',
  '9.3(5w)',
  '9.3(7)',
  '9.3(7k)',
  '9.3(7a)',
  '10.1(1)'
);

var reporting = make_array(
  'port'     , product_info['port'],
  'version'  , product_info['version'],
  'bug_id'   , 'CSCvx66917',
  'severity' , SECURITY_WARNING,
  'cmds'     , make_list('show vpc brief', 'show feature | include ngoam')
);

var workarounds = make_list(CISCO_WORKAROUNDS['generic_workaround']);
var  workaround_params = [WORKAROUND_CONFIG['vpc_alive_adjacency'], WORKAROUND_CONFIG['ngoam_feature'], {'require_all_generic_workarounds':TRUE}];

cisco::check_and_report(
  product_info:product_info,
  workarounds:workarounds,
  workaround_params:workaround_params,
  reporting:reporting,
  vuln_versions:version_list
);

Related

prion 1
nessus 1
cisco 1
cve 1
cvelist 1
cnvd 1
nvd 1
prion
prion
Design/Logic Flaw
2021-08-25 20:15:00
nessus
nessus
Cisco NX-OS Software VXLAN OAM Denial of Service (CVE-2021-1587)
2024-01-04 00:00:00
cisco
cisco
Cisco NX-OS Software VXLAN OAM (NGOAM) Denial of Service Vulnerability
2021-08-25 16:00:00
cve
cve
CVE-2021-1587
2021-08-25 20:15:11
cvelist
cvelist
CVE-2021-1587 Cisco NX-OS Software VXLAN OAM (NGOAM) Denial of Service Vulnerability
2021-08-25 19:11:06
cnvd
cnvd
Cisco NX-OS Software Denial of Service Vulnerability (CNVD-2021-68721)
2021-08-26 00:00:00
nvd
nvd
CVE-2021-1587
2021-08-25 20:15:11

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

8.5

Confidence

High

EPSS

0.002

Percentile

52.7%

JSON
Related for CISCO-SA-NXOS-NGOAM-DOS-LTDB9HV.NASL
prion1nessus1cisco1cve1cvelist1cnvd1nvd1